Posted by FreezeWarp on December 13, 2010 at 3:55 PM
To Visitors of Floatzel.net, VictoryBattles.net, and VictoryRoad.net:
Starting December 3rd, 2010, and lasting somewhere around a week, Google Adsense (our ad provider), as well as MSN's own ad provider, were both attacked with a form of malware that may have affected the Victory Road Network as well a variety of other sites on the internet - including both Google and MSN.com. While we are unaware if any people here at Victory Road were for sure affected, we encourage those with lax security policies, or who have noticed abnormalities over the past week, to check.
The attacks themselves use a variety of exploits, including:
[*]A vulnerability in Internet Explorer 6, 6 SP1, and 7 (though neither 8 nor 9) with the "iepeers.dll" library. (More Info
[*]An exploit in Java JDK and JRE 6 Update 10 - Update 19 (More Info
[*]Multiple exploits in Adobe Reader and Acrobat affecting versions 7, 8, and 9 (though not 9.1). (More Info 1
[*]A flaw in Active X, affecting MDAC 2.7 and 2.8. This is believed to affect IE 6 and 7 but not 8. (More Info
The main virus installed is HDD Plus, and more information can be found here at Armorize
and here at ComputerWorld
. As always, please keep your software as up to date as possible. If you are using Internet Explorer, please use at least version 8. Adobe Flash and Acrobat should also be at their latest versions (10.1 and 9.4 respectively).
Victory Road Administrator